A USB memory stick containing personal information on patients and staff at a secure hospital near Falkirk has been found in a car park outside an Asda store in nearby Stenhousemuir.
Data on the unencrypted device included names, addresses and (worse still) medical records of patients. A member of staff at the Tryst Park unit at …

Data Controller?

Typical From Forth Valley NHS

As a Falkirk native, this is not at all surprising. The local NHS here has been dismantled to the point it no longer does anything useful. Also, with our local MP (Eric Joyce) more interested in claiming the highest expenses of any MP in the UK, nothing will be done as usual.

Urgh

I bet that the person suspended is the one at the bottom of the food chain. I'll also bet they won't suspend the manager/s in charge who should have had a system in place to make sure that it was difficult for the data to get lost or if it did, that it was securely encrypted and backed up.

(nt)

No mention of a "computer fault"?

The original reports of this spoke of NHS Forth Valley claiming a "computer fault" - not sure how that could happen, unless the stick was automatically ejected with enough force to fire it a couple of miles to Asda's car park through a conveniently open window perhaps?

Exactly my thoughts

It must have been one of those computer explosions you see in movies with bits flying everywhere. I've only ever seen this happen in real life, and it involved an A/D card which was accidentally wired to a fresh 550V generator output instead of the 30mA measuring loop it was meant to see.

Makes me mad too.

So people who are already some of the most vulnerable people in society, who are already afraid to seek help because of the stigmatization that might lead to, now they have to worry that their medical records might become public. How utterly horrid.

only last week...

I found some numpty's USB drive in Tesco's car park, with his CV, bank details (sort codes AND account numbers), all his household bills, and customer reference numbers on it, 1000's of pictures. This twat was, and I quote, "head of network security at astra zenica pharmaceuticals".

anyone called Gizmodo?

The fact is...

...and I speak from experience with such organisations...

The people at the top don't care. They've never cared. They won't ever care.

Why would they? They're not ever held responsible for their failures (they'd be fired in a week were that true) - some dumb klutz at the bottom of the pile will be sacked for losing data he should never have had the authority or opportunity to copy in the first place. And if the CEO of this Trust was fired tomorrow, he still wouldn't give a tinker's. He'd leave on a golden handshake the rest of us could only dream of with a Lottery win, and pop up in another sinecure job before the ink was dry on his resignation.

Absolutely no excuses

There is just no excuse at all for this. It's not even a human error, except if you count what must have been a deliberate policy decision not to implement encrypted media at the technical level.

Everyone involved in this is culpable and should be considering their positions: the Chief Exec, the IT Director, the senior IT security managers, Internal Auditors, Risk Managers, not to mention the operational management who allowed the unencrypted stick to be used (and lost).

Every single one of those people is responsible. No excuses - clear your desks and go tomorrow.

Me? Unsurprisingly I submitted my opt out request for the NHS Central Records spine last week. Anyone who is still willing to trust that their personal medical records will be professionally managed after reading the above is simply an idiot.

HIPAA

In the US the person responsible for such a data breach can be held responsible in addition to the hospital. Depending on how bad they deem it, it could be a $100 fine or $25,000 fine and up to a year in jail. That tends to make numpties think.